I need to get access to my user's information when they are offline and I understand that I need to use an extended access token which lasts 60 days. I have been looking at this SO post How to extend access token validity since offline_access deprecation and this says that I need to include the stated method in my base_facebook.php file and make a call to the method.

However, looking through my code there is no explicit request or use of access tokens anywhere so I'm unsure how to request an extended access token. This post Do I need to use access token in Facebook API? explains that using the PHP SDK the access token is automatically appended to the api requests, which would explain why I have never encountered access tokens so far.

So my question is how do I get the user to give an extended access token when they sign in using the PHP SDK method getExtendedAccessToken()?

EDIT: A key point here is that you can't seem to get an extended access token for your own app! I tried this with one of my test users and it worked fine! Another point to note is that the access token tool will only show by default the access tokens for the person who actually developed the app. To see the specifics of the access token for other users you need to go to the debugger part and input the access token there. Hope this helps.

1 Answer
1

If you haven't seen any references to access tokens, they are most likely being stored in session variables. You could try adding echo "<pre>";print_r($_SESSION);exit(0); to your code to see what is stored in the session. You would add it somewhere after you have already been logged in.

If you are calling getExtendedAccessToken() from the PHP SDK, then the access token returned will automatically be long lived. To retrieve it after they are directed back to your site, you can use the getAccessToken() method. You would then store the returned value, and use it when you want to make calls later with setAccessToken($stored_token) .

Thanks for the reply David! I tried your suggestion of echoing out the contents of the session and you were right - the access token was being stored there! I don't quite understand what you mean in the second paragraph though. Am I supposed to call getExtendedAccessToken() in my code (sometime after getting my short-life access token), take this value and use the setAccessToken() method to store the value in the session variable where the short-life one was stored?
–
user1058210Aug 15 '12 at 14:31

That sounds right except in the future you shouldn't even need to retrieve a short-life access token. Also, though you will want to call setAccessToken() before making an API call, you will need to use persistent storage like a database so you can retrieve the token later. The session will be cleared after a certain amount of time and is not used in server side requests (ie. Graph / FQL calls)
–
thefreemanAug 15 '12 at 18:37

Ah I was just wondering about this! So in outline: the first time they log in you get the short lived access token, exchange it for an extended token and store this in a database. Whenever you need to access their profile later when they are not logged in you simply retrieve their access token from the database and use setAccessToken(), and you can get the data. I think there's going to be a lot of switching in access tokens in my app!
–
user1058210Aug 16 '12 at 14:56